wsh
Posts: 3
Joined: Tue Sep 03, 2013 1:20 am

The OPENSSL installation appears to be missing or broken.

Tue Sep 03, 2013 2:03 am

Hi~
I test VOIP with asterisk on RPI Board.
And I want to build :asterisk" source (tool chain : gcc-4.7-linaro-rpi-gnueabihf).
bu I can not complete build "asterisk" source.

To build "asterisk" source, First, I builded "openssl" source and, I succeeded "openssl" source build.
(There are in path :/usr/local/SSL/OPENSSL as the result of compile )

I try to do as follows :

1. cd asterisk folder
2. ./configure --host=arm-linux-gnueabihf --target=arm-linux-gnueabihf CC="$GCCPATH/arm-linux-gnueabihf-gcc" LD="$GCCPATH/arm-linux-gnueabihf-ld" AR="$GCCPATH/arm-linux-gnueabihf-ar" CXX="$GCCPATH/arm-linux-gnueabihf-g++" STRIP="$GCCPATH/arm-linux-gnueabihf-strip" --with-ncurses=/home/weesj/opt/armlib/usr --disable-xmldoc --with-sqlite3=/home/weesj/opt/armlib/usr/local --with-ssl=/usr/local/SSL/OPENSSL

--> error :
configure: ***
configure: *** The OPENSSL installation appears to be missing or broken.
configure: *** Either correct the installation, or run configure
configure: *** including --without-ssl.

please, tell me error reason and solution about this problem.

itimpi
Posts: 1084
Joined: Sun Sep 25, 2011 11:44 am
Location: Potters Bar, United Kingdom
Contact: Website

Re: The OPENSSL installation appears to be missing or broken

Tue Sep 03, 2013 5:32 am

If you built openssl from source, did you remember to install it (typically by using the command 'make install' after building it? The build process does not automatically install what it builds.

Having said that, what is wrong with installing a pre-built version of openssl (and possibly openssl-dev) from the repositories?

wsh
Posts: 3
Joined: Tue Sep 03, 2013 1:20 am

Re: Re:The OPENSSL installation appears to be missing or bro

Wed Sep 04, 2013 12:48 am

Thank your answer.

After I complete to build "openssl", I performed command "make install".
- There are in path :/usr/local/SSL/OPENSSL as the result of compile.

I compiled "opensssl" source. - version : openssl-1.0.1e

I wan to build asterisk source with cross compile.

Build server processor is X86, and RPI's processor is arm.

When compile asterisk source in build server, the above error occurs.

please, tell me how to build asterisk source with openssl.

jurmelius
Posts: 86
Joined: Sun Jul 22, 2012 7:00 pm

Re: The OPENSSL installation appears to be missing or broken

Thu Jan 16, 2014 6:11 am

openSSL 1.0.1e is suppose to be vulnerable to DOS attacks, hence 1.0.1f has been released.
have anyone tested this?

davep
Posts: 28
Joined: Mon Aug 20, 2012 11:27 am

Re: The OPENSSL installation appears to be missing or broken

Sat Jan 30, 2016 7:42 pm

I'm trying to use Apache 2.4.10 with strong SSL security. For this, I am using a 4096 bit RSA certificate and have created my own 4096 Diffie Helmann modulus (to avoid using the one that is supplied by default with Apache). However, Apache needs a flavour of OpenSSL 1.0.2 for this to work using the:

"SSLOpenSSLConfCmd DHParameters "/path/to/dhparam.pem""

apache directive. Has anyone managed to compile a 1.0.2 version for the Pi on Raspbian Jessie? I'm asking before I try because the little server is live.

And why is the supported OpenSSL version (1.0.1k) over a year old?

davep
Posts: 28
Joined: Mon Aug 20, 2012 11:27 am

Re: The OPENSSL installation appears to be missing or broken

Sat Jan 30, 2016 8:41 pm

http://archive.raspbian.org/raspbian/dists/stretch/ appears to have OpenSSL v1.0.2e-1. Could I take the source from there for Jessie or even somehow alter my apt sources so that I can apt-get install openssl from there (or is that a horrible idea)? Is stretch stable? Could I just replace jessie with stable in the sources.list?

That didn't work (and I also updated the raspi.list)

Edit: It did work after I disabled IPV6 as I was getting errors for the sources. So now I've got "OpenSSL 1.0.2e 3 Dec 2015". I've reset it all back to jessie and I'll see if an update and upgrade don't overwrite it.

Edit 2: No apt-get problems after going back to jessie. The only thing is that apache still isn't recognising the SSLOpenSSLConfCmd directive. So, troubleshooting ahoy!

davep
Posts: 28
Joined: Mon Aug 20, 2012 11:27 am

Re: The OPENSSL installation appears to be missing or broken

Tue Feb 02, 2016 11:52 am

For info... The problem was because Apache was compiled against an older version of OpenSSL. I ended up appending the DH parameters to the end of the main key (so didn't need to download the latest OpenSSL).

Now it has 4096 bit DH params, it takes nearly 4 seconds to create a session :o https://penfold.fr It's just a passphrase page used for testing on SSLLabs for a good SSL setup.

davep
Posts: 28
Joined: Mon Aug 20, 2012 11:27 am

Re: The OPENSSL installation appears to be missing or broken

Tue Mar 01, 2016 6:41 pm

davep wrote:For info... The problem was because Apache was compiled against an older version of OpenSSL. I ended up appending the DH parameters to the end of the main key (so didn't need to download the latest OpenSSL).

Now it has 4096 bit DH params, it takes nearly 4 seconds to create a session :o https://penfold.fr It's just a passphrase page used for testing on SSLLabs for a good SSL setup.
Note that going from 900MHz to 1GHz on my Pi2 changed the SSL DH calculations from ~3.7 seconds to ~2.7 seconds, and actual passphrase calculation from 0.9s to 0.7s (as viewed from the browser Developer Tools). I didn't quite expect such a performance improvement with an increase of about 11% in clock speed.

Edit: I had a bunch of upgrades for Jessie at the same time (that may be for the Pi 3?) that could also potentially be responsible for some of the improvement.

Return to “General discussion”